Israel Cerda, Security Operations Lead at Fortra, was featured in Cyber Defense Magazine discussing how attackers are abusing GitHub’s trusted infrastructure in ongoing vishing campaigns. In the article, Israel explains how threat actors embed malicious content into commit messages and leverage GitHub’s legitimate email notifications to bypass traditional security controls. He also explores broader abuse of GitHub, including malware distribution and data scraping, and emphasizes the need for layered defenses such as advanced email filtering and employee training to reduce risk from trusted-platform abuse.
Originally published in Cyber Defense Magazine.
Excerpt: “The rise of vishing attacks through GitHub’s email notifications shows just how versatile and persistent cybercriminals can be in exploiting trusted platforms. While GitHub has been a target for various types of abuse, like malware distribution and data scraping, this recent tactic highlights the level of creativity and motivation threat actors display.”
Cyber Defense Magazine: GitHub Service Abuse in Ongoing Vishing Campaigns
Posted on May 29, 2026
